PHPize Online / SQLize Online  /  SQLtest Online

A A A
Share      Blog   Popular
Copy Format Clear
CREATE TABLE products ( Id INTEGER PRIMARY KEY AUTO_INCREMENT, name TEXT NOT NULL, description TEXT NOT NULL, price REAL NOT NULL ); INSERT INTO products (name, description, price) VALUES ('Prueba','Prueba',1000); DELETE FROM products WHERE (1=1); INSERT INTO products (name, description, price) VALUES ('NAME','Description',1000); SELECT table_name FROM information_schema.tables where table_name <> 'products' LIMIT 1; SELECT * FROM information_schema.tables
Copy Clear
Copy Format Clear
<?php error_reporting(E_ALL); ini_set('display_errors', 1); session_start(); // Retrieve the product information from the form $name = mysqli_real_escape_string($mysqli, "SELECT table_name FROM information_schema.tables where table_name <> 'products' LIMIT 1"); $description = mysqli_real_escape_string($mysqli, "Description"); //$price = mysqli_real_escape_string($mysqli, "1000); SELECT * FROM products WHERE (1=1"); //$price = mysqli_real_escape_string($mysqli, "@VERSION"); $price = "1000"; echo $name; //"INSERT INTO products (name, description, price) VALUES ('NAME','Description',1000); SELECT table_name FROM information_schema.tables where (1=1); $sql = "INSERT INTO products (name, description, price) VALUES ('".$name."','".$description."',".$price.");"; // Use a prepared statement to prevent SQL injection attacks echo $sql; $query = mysqli_prepare($mysqli, $sql); // mysqli_stmt_bind_param($query, "ssd", $name, $description, $price); mysqli_stmt_execute($query); // Use a prepared statement to prevent SQL injection attacks $query = mysqli_prepare($mysqli, "SELECT * FROM products"); mysqli_stmt_execute($query); // Store the result of the query $result = mysqli_stmt_get_result($query); // Loop through the rows of the result while ($row = mysqli_fetch_assoc($result)) { // Display the product information echo "<h2>" . $row['name'] . "</h2>"; echo "<p>" . $row['description'] . "</p>"; echo "<p>Price: $" . $row['price'] . "</p>"; echo "<hr>"; } ?>
Show:  
Copy Clear